Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001557)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001557 advisory. An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error with a resultant integer underflow affecting out-of-bounds...

Exploiting Inaccurate Branch History in Side-Channel Attacks

Modern out-of-order CPUs heavily rely on speculative execution for performance optimization, with branch prediction serving as a cornerstone to minimize stalls and maximize efficiency. Whenever shared branch prediction resources lack proper isolation and sanitization methods, they may originate...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from vulnerability to spectre attacks...

Fedora 38 : firefox (2023-af4cfc9c3c)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-af4cfc9c3c advisory. - Updated to latest upstream 114.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

SUSE-SU-2022:2111-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP1 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. bsc1199650 - CVE-2022-21123: Fixed a stale MMIO data...

SUSE: Security Advisory (SUSE-SU-2022:2083-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2022:2078-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2022:2083-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. bsc1199650 - CVE-2022-21123: Fixed a stale MMIO data...

SUSE-SU-2022:2080-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. bnc1158266 - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to...

SUSE-SU-2022:2078-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2ioctlqueryinfo. bsc1197472 - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmcblkreadsingle of...

AMD Processors 信息泄露漏洞

AMD Processors is a processor from AMD. AMD Processors suffers from an information disclosure vulnerability that stems from the fact that the hardware mitigations that AMD has added to its processors are not sufficient to address the Spectre-BTI vulnerability...

A week in security (May 3 – 9)

Last week on Malwarebytes Labs, we discussed how Spectre attacks have come back from the dead; why Facebook banned Instragram ads by Signal; we highlighted the differences between the most popular VPN protocols; pointed out that Google is about to start automatically enrolling users in two-step...

Design/Logic Flaw

An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences ...

CVE-2020-27170

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This...

CVE-2019-9815

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

CVE-2019-9815

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

CVE-2019-9815

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

Mozilla Thunderbird < 60.7

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-15 advisory. - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use...

Mozilla Firefox ESR < 60.7

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-14 advisory. - A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use...

Security vulnerabilities fixed in Thunderbird 60.7 — Mozilla

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...